First published: Fri Jun 04 2021(Updated: )
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Common Services Platform Collector | <2.9.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-1538 is a vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) that could allow an authenticated, remote attacker to execute arbitrary code.
CVE-2021-1538 has a severity score of 7.2, which is considered critical.
Cisco Common Services Platform Collector (CSPC) versions up to and excluding 2.9.1 are affected by CVE-2021-1538.
An attacker can exploit CVE-2021-1538 by leveraging insufficient sanitization of configuration entries in the configuration dashboard of Cisco Common Services Platform Collector (CSPC).
To fix CVE-2021-1538, upgrade your Cisco Common Services Platform Collector (CSPC) to version 2.9.1 or higher.